#! /bin/sh
# postinst script for libopenxpki-perl
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

case "$1" in
    configure)
        # TODO - check for a running daemon
        #invoke-rc.d --quiet openxpkid restart
        #if [ $? -gt 0 -a $? -eq 100 ]; then exit $?; fi

        # when installed on a "slim" distro the examples are not installed
        if [ -z "$OPENXPKI_NOCONFIG" ] && [ -e "/usr/share/doc/libopenxpki-perl/examples/openxpki-etc.tgz" ]; then

            # No config - load sample config - also includes/overwrites other
            # files in /etc/openxpki/ !
            if [ ! -e /etc/openxpki/config.d/ ]; then

                tar -zxf /usr/share/doc/libopenxpki-perl/examples/openxpki-etc.tgz -C /etc/openxpki

                # chmod the "inner" config to protect sensitive data
                # do NOT chmod the top folder as e.g. apache needs access
                chmod 750 /etc/openxpki/config.d

            fi

            if [ -d /etc/openxpki/ca/ ]; then
                chown -R openxpki:root /etc/openxpki/ca/
                chmod -R 750 /etc/openxpki/ca/
            fi

            if [ -d /etc/apache2/sites-available/ ]; then
                if [ ! -e /etc/apache2/sites-available/openxpki.conf ]; then
                    cp /usr/share/doc/libopenxpki-perl/examples/apache2-openxpki-site.conf /etc/apache2/sites-available/openxpki.conf
                    /usr/sbin/a2enmod headers
                    /usr/sbin/a2ensite openxpki
                fi;
            fi;

            # static home
            if [ ! -d /var/www/static ]; then
                mkdir -p -m755 /var/www/static/democa
                chown www-data:www-data /var/www/static/democa
                cp /usr/share/doc/libopenxpki-perl/examples/home.html /var/www/static/democa/home.html
            fi;

        fi;

        # Apply chown to main folder
        chown -R openxpki:root /etc/openxpki/

        # Fix directory permissions
        chown openxpki:openxpki /var/openxpki
        chown openxpki:openxpki /var/log/openxpki
        # As apache is in the openxpki group this allows writing the UI logs
        chmod 4775 /var/log/openxpki

        # add apache user to openxpki group (to allow connecting the socket)
        usermod -a -G openxpki www-data

        # create index.html as symlink to default.html
        test -e /var/www/openxpki/index.html || ln -s default.html /var/www/openxpki/index.html

        # default download directory for CRLs
        if [ ! -d /var/www/download ]; then
            mkdir -p -m755 /var/www/download
            chown openxpki:www-data /var/www/download
        fi;

        # Setup logrotate
        if [ -e /etc/logrotate.d/ ] &&  [ ! -e /etc/logrotate.d/openxpki ]; then
            cp /usr/share/doc/libopenxpki-perl/examples/logrotate.conf /etc/logrotate.d/openxpki
        fi;

        # Create the pkiadm user
        COUNT=`grep '^pkiadm:' /etc/passwd | wc -l`;
        if [ $COUNT -eq 0 ]; then
            # Use useradd here as we need an additonal group
            useradd --create-home -G openxpki pkiadm;

            # In case somebody decided to change the home base
            HOME=`grep pkiadm /etc/passwd | cut -d":" -f6`
            chown pkiadm:openxpki $HOME
            chmod 750 $HOME
        fi;

        # Create the sudo file to restart oxi from pkiadm
        if [ ! -e /etc/sudoers.d/pkiadm ] && [ -d /etc/sudoers.d ]; then
            echo "pkiadm ALL=(ALL) NOPASSWD:/etc/init.d/openxpki" > /etc/sudoers.d/pkiadm
        fi;

    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
